0

I want everyone (unauthorized) to be able to store/read objects from my test swift server. Is there a way to disable authentication at all? I'm authorized with the following user (proxy-server.conf):

[filter:tempauth]
use = egg:swift#tempauth
user_test_tester = testing .admin

but I also want to give non-users the possibility to make requests to my server.

Serob_b

2 Answers

1

It depends on what kind of requests you want to use and what auth middleware you are using. If you are using keystone you are stuck using container level permissions. You can set permissions on a container to be public.

curl -X POST -i \
   -H "X-Auth-Token: abcdeftoken" \
   -H "X-Container-Read: .r:*" \
   -H "X-Container-Write: .r:*" \
   http://swift.example.com/v1/AUTH_testing/container
ferahgo
  • Ok. But is there a way to create a container without having authentication token? – Serob_b Jan 26 '17 at 13:19
  • You would need to set the permissions on the account level, which would require an auth token. All actions after the perms have been set to public should not require auth. – ferahgo Jan 30 '17 at 16:55
0

You can configure your proxy-server pipeline with no authentication middleware, with tempauth or with keystoneauth. In the first solution you don't need to provide any password. In the second solution you can have user, group and password set in your configuration, and the last one contacts the keystone server for identification.

Example:

[pipeline:main]
### no pass
# pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit copy container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server

### tempauth
# pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats container_sync bulk tempurl ratelimit tempauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server

### keystoneauth
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server


[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user

# https://docs.openstack.org/keystonemiddleware/latest/middlewarearchitecture.html
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
# change this (kept on its own line: an inline "#" would become part of the value)
password = SWIFT_PASS
delay_auth_decision = True
log_level = debug
service_token_roles_required = True

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
user_test5_tester5 = testing5 service
sajjadG
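
An added example, not part of either answer or of the Swift project: a small Python check that reads a proxy-server.conf and reports the cases discussed above, namely an active pipeline with no auth filter, tempauth users still using the sample keys quoted in the answer, and a filter with `delay_auth_decision = True` that has no keystoneauth after it. The function name, finding labels and sample config are assumptions made for illustration.

```python
import configparser

# Assumption: these substrings identify Swift auth filters by name or entry point.
AUTH_HINTS = ("tempauth", "keystoneauth", "authtoken", "auth_token")
# Keys that appear in the sample tempauth section quoted on this page.
SAMPLE_KEYS = {"admin", "testing", "testing2", "testing3", "testing5"}

def audit_proxy_conf(text):
    """Return a list of findings for a proxy-server.conf given as a string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    # The last pipeline entry is the app (proxy-server), not a filter.
    filters = cp.get("pipeline:main", "pipeline").split()[:-1]

    def ident(name):
        # Filter name plus its entry point, if the section exists.
        sec = "filter:" + name
        return " ".join([name, cp.get(sec, "use", fallback=""),
                         cp.get(sec, "paste.filter_factory", fallback="")])

    findings = []
    if not any(h in ident(f) for f in filters for h in AUTH_HINTS):
        findings.append("NO_AUTH: no auth filter in the active pipeline")
    for i, f in enumerate(filters):
        sec = "filter:" + f
        if "tempauth" in ident(f) and cp.has_section(sec):
            for opt, val in cp.items(sec):
                # tempauth format: user_<account>_<user> = <key> [group] ...
                if opt.startswith("user_") and set(val.split()[:1]) & SAMPLE_KEYS:
                    findings.append(f"SAMPLE_CRED: {opt} uses a published sample key")
        deferred = cp.get(sec, "delay_auth_decision", fallback="").lower() == "true"
        if deferred and not any("keystoneauth" in ident(x) for x in filters[i + 1:]):
            findings.append(f"DEFERRED: {f} defers rejection but no keystoneauth follows")
    return findings

# Constructed sample: a tempauth section is defined but the active pipeline omits it.
SAMPLE = """
[pipeline:main]
# pipeline = catch_errors cache tempauth proxy-server
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache proxy-server

[filter:tempauth]
use = egg:swift#tempauth
user_test_tester = testing .admin
"""

if __name__ == "__main__":
    for line in audit_proxy_conf(SAMPLE):
        print(line)
```

Commented-out pipeline lines are ignored, so only the active `pipeline =` setting decides the result.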